Examples with UserEntityPermissions org.sagebionetworks.repo.model.auth.UserEntityPermissions used on opensource projects

Example 1 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class DefaultControllerAutowiredAllTypesTest method testGetUserEntityPermissions.

@Test
public void testGetUserEntityPermissions() throws Exception {
    // First create one of each type
    List<Entity> created = createEntitesOfEachType(1);
    assertNotNull(created);
    assertTrue(created.size() >= EntityType.values().length);
    // Now update each
    for (Entity entity : created) {
        // Make sure we can get the annotations for this entity.
        UserEntityPermissions uep = ServletTestHelper.getUserEntityPermissions(dispatchServlet, entity.getId(), userName);
        assertNotNull(uep);
        assertEquals(true, uep.getCanDownload());
        assertEquals(true, uep.getCanEdit());
        assertEquals(true, uep.getCanChangePermissions());
        assertEquals(true, uep.getCanDelete());
        assertEquals(true, uep.getCanView());
        assertEquals(true, uep.getCanAddChild());
    }
}

Example 2 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class AuthorizationManagerImpl method getUserPermissionsForEntity.

@Override
public UserEntityPermissions getUserPermissionsForEntity(UserInfo userInfo, String entityId) throws NotFoundException, DatastoreException {
    UserEntityPermissions permission = new UserEntityPermissions();
    Node node = nodeDAO.getNode(entityId);
    permission.setOwnerPrincipalId(node.getCreatedByPrincipalId());
    boolean parentIsRoot = nodeDAO.isNodesParentRoot(entityId);
    // must look-up access (at least to determine if the anonymous user can view)
    String permissionsBenefactor = nodeInheritanceDAO.getBenefactor(entityId);
    UserInfo anonymousUser = userManager.getUserInfo(AuthorizationConstants.ANONYMOUS_USER_ID);
    permission.setCanPublicRead(this.accessControlListDAO.canAccess(anonymousUser.getGroups(), permissionsBenefactor, ACCESS_TYPE.READ));
    boolean isCreator = node.getCreatedByPrincipalId().equals(Long.parseLong(userInfo.getIndividualGroup().getId()));
    // Admin and owner/creator get all
    if (userInfo.isAdmin() || isCreator) {
        permission.setCanAddChild(true);
        permission.setCanChangePermissions(true);
        permission.setCanDelete(true);
        permission.setCanEdit(true);
        permission.setCanView(true);
        permission.setCanDownload(true);
        permission.setCanEnableInheritance(!parentIsRoot);
        return permission;
    }
    // Child can be added if this entity is not null
    permission.setCanAddChild(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.CREATE));
    permission.setCanChangePermissions(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.CHANGE_PERMISSIONS));
    permission.setCanDelete(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.DELETE));
    permission.setCanEdit(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.UPDATE));
    permission.setCanView(this.accessControlListDAO.canAccess(userInfo.getGroups(), permissionsBenefactor, ACCESS_TYPE.READ));
    permission.setCanDownload(this.canDownload(userInfo, entityId));
    permission.setCanEnableInheritance(!parentIsRoot && permission.getCanChangePermissions());
    return permission;
}

Example 3 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class ServletTestHelper method getUserEntityPermissions.

public static UserEntityPermissions getUserEntityPermissions(HttpServlet dispatchServlet, String id, String userId) throws ServletException, IOException {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    request.setMethod("GET");
    request.addHeader("Accept", "application/json");
    request.setRequestURI(UrlHelpers.ENTITY + "/" + id + UrlHelpers.PERMISSIONS);
    request.setParameter(AuthorizationConstants.USER_ID_PARAM, userId);
    dispatchServlet.service(request, response);
    log.debug("Results: " + response.getContentAsString());
    if (response.getStatus() != HttpStatus.OK.value()) {
        throw new ServletTestHelperException(response);
    }
    return (UserEntityPermissions) objectMapper.readValue(response.getContentAsString(), UserEntityPermissions.class);
}

Example 4 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class EntityBundleControllerTest method testGetEntityBundle.

@Test
public void testGetEntityBundle() throws NameConflictException, JSONObjectAdapterException, ServletException, IOException, NotFoundException, DatastoreException {
    // Create an entity
    Project p = new Project();
    p.setName(DUMMY_PROJECT);
    p.setEntityType(p.getClass().getName());
    Project p2 = (Project) entityServletHelper.createEntity(p, TEST_USER1);
    String id = p2.getId();
    toDelete.add(id);
    Study s1 = new Study();
    s1.setName(DUMMY_STUDY_1);
    s1.setEntityType(s1.getClass().getName());
    s1.setParentId(id);
    s1 = (Study) entityServletHelper.createEntity(s1, TEST_USER1);
    toDelete.add(s1.getId());
    Study s2 = new Study();
    s2.setName(DUMMY_STUDY_2);
    s2.setEntityType(s2.getClass().getName());
    s2.setParentId(id);
    s2 = (Study) entityServletHelper.createEntity(s2, TEST_USER1);
    toDelete.add(s2.getId());
    // Get/add/update annotations for this entity
    Annotations a = entityServletHelper.getEntityAnnotaions(id, TEST_USER1);
    a.addAnnotation("doubleAnno", new Double(45.0001));
    a.addAnnotation("string", "A string");
    Annotations a2 = entityServletHelper.updateAnnotations(a, TEST_USER1);
    // Get the bundle, verify contents
    int mask = EntityBundle.ENTITY | EntityBundle.ANNOTATIONS | EntityBundle.PERMISSIONS | EntityBundle.ENTITY_PATH | EntityBundle.ENTITY_REFERENCEDBY | EntityBundle.HAS_CHILDREN | EntityBundle.ACL;
    EntityBundle eb = entityServletHelper.getEntityBundle(id, mask, TEST_USER1);
    Project p3 = (Project) eb.getEntity();
    assertFalse("Etag should have been updated, but was not", p3.getEtag().equals(p2.getEtag()));
    p2.setEtag(p3.getEtag());
    assertEquals(p2, p3);
    Annotations a3 = eb.getAnnotations();
    assertFalse("Etag should have been updated, but was not", a3.getEtag().equals(a.getEtag()));
    assertEquals("Retrieved Annotations in bundle do not match original ones", a2, a3);
    UserEntityPermissions uep = eb.getPermissions();
    assertNotNull("Permissions were requested, but null in bundle", uep);
    assertTrue("Invalid Permissions", uep.getCanEdit());
    EntityPath path = eb.getPath();
    assertNotNull("Path was requested, but null in bundle", path);
    assertNotNull("Invalid path", path.getPath());
    PaginatedResults<EntityHeader> rb = eb.getReferencedBy();
    assertNotNull("ReferencedBy was requested, but null in bundle", rb);
    Boolean hasChildren = eb.getHasChildren();
    assertNotNull("HasChildren was requested, but null in bundle", hasChildren);
    assertEquals("HasChildren incorrect", Boolean.TRUE, hasChildren);
    AccessControlList acl = eb.getAccessControlList();
    assertNotNull("AccessControlList was requested, but null in bundle", acl);
}

Example 5 with UserEntityPermissions

use of org.sagebionetworks.repo.model.auth.UserEntityPermissions in project Synapse-Repository-Services by Sage-Bionetworks.

the class EntityControllerTest method testGetUserEntityPermissions.

@Test
public void testGetUserEntityPermissions() throws JSONObjectAdapterException, ServletException, IOException, NotFoundException, DatastoreException {
    Project p = new Project();
    p.setName("UserEntityPermissions");
    p.setEntityType(p.getClass().getName());
    Project clone = (Project) entityServletHelper.createEntity(p, TEST_USER1);
    String id = clone.getId();
    toDelete.add(id);
    UserEntityPermissions uep = entityServletHelper.getUserEntityPermissions(id, TEST_USER1);
    assertNotNull(uep);
    assertTrue(uep.getCanEdit());
}